Your Privacy Matters

Häuses Platforms (Canada) Limited ("we", "us", or "our") operates the Häuses property management platform (the "Service"). We are a corporation incorporated under the laws of Ontario, Canada, with our registered office at 100 King Street West, Suite 5700, Toronto, ON M5X 1A9.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and applicable Ontario privacy legislation.

We are committed to protecting your privacy and ensuring you have a positive experience on our platform. This policy outlines our data practices in clear, simple language.

By using Häuses, you consent to the collection, use, and disclosure of your personal information as described in this policy. If you do not agree with our policies and practices, please do not use our Service.

We collect several types of information to provide and improve our Service:

**Personal Information**
- Name, email address, phone number
- Postal address (for landlords and tenants)
- Date of birth (for tenant verification)
- Social Insurance Number (for tax reporting purposes, landlords only, where required by the Canada Revenue Agency)
- Bank account details (for rent payments and disbursements via Pre-Authorized Debit)
- Payment card information (processed securely by Stripe)
- Pre-Authorized Debit (PAD) mandate details

**Property Information**
- Property addresses and details
- Lease agreements and related documents
- Provincial compliance records (N-form notices, rent increase filings, LTB/RTB records)
- Maintenance records and contractor information
- Municipal property tax and utility information

**Financial Information**
- Rent payment history and transaction records
- Last month's rent deposit amounts
- Invoice and receipt data
- Tax-related documentation (T4 slips, rental income records for CRA reporting)

**Usage Information**
- Device information (IP address, browser type, operating system)
- Login times and access logs
- Pages visited and features used
- Communication preferences

**Communications**
- Messages sent through the platform between landlords, tenants, and agents
- Support tickets and customer service correspondence
- Email communications and notifications

Under PIPEDA, we collect and use personal information only for purposes that a reasonable person would consider appropriate in the circumstances. We use the information we collect for the following purposes:

**Service Delivery**
- Create and manage your account
- Process rent payments and financial transactions
- Facilitate lease agreements and document management
- Enable communication between landlords, tenants, and agents
- Provide maintenance tracking and contractor management
- Generate N-form notices and compliance documents under provincial tenancy acts

**Legal Compliance**
- Comply with the Residential Tenancies Act, 2006 (Ontario) and other applicable provincial tenancy legislation
- Meet Canada Revenue Agency (CRA) tax reporting obligations
- Fulfill Landlord and Tenant Board (LTB) procedural requirements
- Comply with anti-money laundering regulations under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act
- Maintain compliance audit trails

**Payment Processing**
- Process rent payments via Stripe (card payments), Pre-Authorized Debit (PAD), and Interac e-Transfer
- Manage subscription billing for landlords and agencies
- Handle refunds and disputed transactions
- Generate invoices and receipts

**Service Improvement**
- Analyze usage patterns to improve features
- Monitor platform performance and uptime
- Identify and fix technical issues
- Develop new features based on user needs

**Communication**
- Send transactional emails (payment confirmations, notice deadline reminders, compliance alerts)
- Provide customer support
- Send important service updates and security notices
- Commercial electronic messages (with your express consent as required by CASL, with unsubscribe available in every message)

Under PIPEDA, we rely on the following forms of consent:

**Express Consent**
We obtain your express consent when we:
- Collect sensitive personal information (e.g., Social Insurance Number, bank account details)
- Send commercial electronic messages (as required by CASL)
- Share your information with third parties for purposes beyond service delivery
- Use your information for marketing purposes

**Implied Consent**
We rely on implied consent when:
- You voluntarily provide personal information for an obvious purpose (e.g., entering your address to add a property)
- The collection is necessary to fulfill a contract with you (e.g., processing your rent payment)
- It would be reasonable to expect such collection for the service you've requested

**Withdrawing Consent**
You may withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice. To withdraw consent, contact us at privacy@hauses.ca. Please note that withdrawing consent may limit our ability to provide certain features of the Service.

We will not require you to consent to the collection of information beyond what is necessary to provide the Service as a condition of using Häuses.

We share your information only in the following circumstances and only to the extent necessary:

**Service Providers**
- **Stripe**: Payment processing for card transactions (PCI DSS compliant)
- **PAD processor**: Pre-Authorized Debit processing for automated rent collection
- **AWS**: Cloud infrastructure and database hosting (Canadian data centre, Montreal region ca-central-1)
- **Resend**: Transactional email delivery
- **Sentry**: Error monitoring and application performance

All service providers are bound by data processing agreements that require them to protect your information to standards consistent with PIPEDA.

**Legal Requirements**
We may disclose your information if required by law or in response to:
- Court orders or legal processes issued by a Canadian court
- Requests from the Landlord and Tenant Board (LTB) or equivalent provincial tribunals
- Requests from the Canada Revenue Agency (CRA)
- Requests from law enforcement or regulatory authorities with lawful authority
- Protection of our rights, property, or safety
- Investigation of fraud or security issues

**Business Partners**
- **Property management companies**: If your property is managed by an agency using Häuses
- **Landlords**: If you are a tenant, your landlord can access your tenancy information as necessary for the landlord-tenant relationship
- **Paralegal and legal referral partners**: For dispute preparation (with your consent)

**Business Transfers**
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. We will notify you of any such change and ensure the new entity is bound by equivalent privacy protections.

**With Your Consent**
We may share information with third parties when you explicitly consent to such sharing.

We do not sell, rent, or trade your personal information to third parties for marketing or any other purpose.

We implement industry-standard security measures to protect your information, consistent with PIPEDA's requirements for appropriate safeguards:

**Technical Safeguards**
- 256-bit SSL/TLS encryption for data in transit
- AES-256 encryption for data at rest
- Secure, isolated database architecture
- Regular security audits and penetration testing
- SOC 2 Type II compliance

**Access Controls**
- Multi-factor authentication for all accounts
- Role-based access permissions
- Audit logs for all data access
- Regular access reviews and revocations
- Employee background checks and security training

**Payment Security**
- PCI DSS Level 1 compliance via Stripe
- Tokenization of payment card data
- No storage of full card numbers or CVV codes
- Secure Pre-Authorized Debit mandate processing
- Interac e-Transfer reconciliation via encrypted channels
- Fraud detection and prevention systems

**Data Residency**
- All primary data stored in Canadian data centres (AWS Montreal, ca-central-1)
- Database backups stored within Canada
- No personal information stored outside of Canada without explicit disclosure and appropriate safeguards
- Automated daily backups with encrypted storage
- Disaster recovery procedures tested quarterly

**Incident Response**
- 24/7 security monitoring
- Automated threat detection
- Incident response team on standby
- Breach notification to affected individuals and the Office of the Privacy Commissioner of Canada as required by PIPEDA's mandatory breach reporting provisions (PIPEDA Division 1.1)

While we implement strong security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our protections.

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

**Active Accounts**
- Information retained while your account is active
- Updated as you use the Service

**Closed Accounts**
- Account data retained for 7 years after closure (CRA requirement for financial records)
- Financial records retained for 7 years (Income Tax Act)
- Lease agreements and related documents retained for 6 years after tenancy ends (Ontario Limitations Act, 2002, S.O. 2002, c. 24, Sched. B)
- LTB filings and N-form records retained for 2 years after the order or decision (LTB retention practice)

**Legal Holds**
Information may be retained longer if required for:
- Ongoing litigation or disputes before the LTB or courts
- CRA audits or reassessments
- Regulatory investigations
- Legal compliance obligations

**Destruction**
After retention periods expire, we either:
- Permanently and securely delete your information, or
- De-identify it so it can no longer identify you

**Right to Deletion**
You may request deletion of your information before retention periods expire, subject to legal requirements. See "Your Rights" section below.

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights:

**Right to Access**
You can request a copy of all personal information we hold about you. We will respond within 30 days of receiving your request. There is no fee for standard requests.

**Right to Correction**
You can challenge the accuracy and completeness of your personal information and have it corrected. You can update most information through your account settings, or contact us for assistance.

**Right to Withdraw Consent**
You can withdraw consent for the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.

**Right to Challenge Compliance**
You have the right to challenge our compliance with PIPEDA by contacting our Privacy Officer.

**Right to Complain**
If you are not satisfied with our response, you can file a complaint with the Office of the Privacy Commissioner of Canada:
- Website: priv.gc.ca
- Phone: 1-800-282-1376
- Address: 30 Victoria Street, Gatineau, QC K1A 1H3

You may also contact the Information and Privacy Commissioner of Ontario for matters related to Ontario provincial privacy legislation:
- Website: ipc.on.ca
- Phone: 1-800-387-0073
- Address: 2 Bloor Street East, Suite 1400, Toronto, ON M4W 1A8

**CASL Rights**
Under Canada's Anti-Spam Legislation, you have the right to:
- Unsubscribe from commercial electronic messages at any time using the unsubscribe link in every message
- We will process unsubscribe requests within 10 business days as required by CASL

**How to Exercise Your Rights**
Email us at privacy@hauses.ca with your request. We will respond within 30 days. If we need additional time, we will notify you and explain why.

We use cookies and similar tracking technologies to improve your experience:

**Essential Cookies**
Required for the Service to function:
- Authentication tokens
- Session management
- Security features

**Analytics Cookies**
Help us understand how you use the Service:
- Page views and navigation patterns
- Feature usage statistics
- Performance monitoring

**Preference Cookies**
Remember your settings:
- Language preferences
- Display settings
- Notification preferences

**Cookie Management**
You can control cookies through your browser settings. Note that disabling essential cookies may prevent you from using the Service.

We do not use third-party advertising cookies or sell your browsing data.

Häuses is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children or minors.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@hauses.ca and we will promptly delete such information.

Your personal information is stored and processed in Canada. We make every effort to keep your data within Canadian borders.

**Data Residency**
- Primary data storage: AWS Montreal (ca-central-1), Canada
- Database backups: Within Canada
- Atlas AI processing: Within Canada

**Limited Cross-Border Transfers**
Some of our service providers may process data outside of Canada:
- **Stripe**: Global payment processing (PCI DSS compliant, data minimized to transaction data only)
- **Sentry**: Error monitoring (anonymized and aggregated data only)

Where personal information is transferred outside of Canada, we ensure that:
- The recipient provides a comparable level of protection as required by PIPEDA (Principle 4.1.3)
- Contractual safeguards are in place through Data Processing Agreements
- Only the minimum necessary information is transferred
- You are informed of any material cross-border transfers

**No Transfers to Jurisdictions Without Adequate Protection**
We do not transfer personal information to jurisdictions that do not provide a level of protection comparable to that provided under Canadian law, unless adequate contractual protections are in place.

We may update this Privacy Policy from time to time to reflect:
- Changes in our data practices
- New features or services
- Changes in applicable Canadian federal or provincial law
- Guidance from the Office of the Privacy Commissioner of Canada

**Notification of Changes**
- We will post the updated policy on this page
- The "Last Updated" date will be revised
- For material changes, we will email you at your registered address and, where appropriate, seek fresh consent
- Continued use of the Service after changes constitutes acceptance, unless the changes require express consent

We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or our data practices, please contact us:

**Privacy Officer**
Häuses Platforms (Canada) Limited
100 King Street West, Suite 5700
Toronto, ON M5X 1A9
Email: privacy@hauses.ca

**General Support**
Email: support@hauses.ca
Phone: +1 (416) 123-4567

**Office of the Privacy Commissioner of Canada**
For complaints about our data handling:
Website: priv.gc.ca
Phone: 1-800-282-1376

**Information and Privacy Commissioner of Ontario**
For Ontario-specific privacy matters:
Website: ipc.on.ca
Phone: 1-800-387-0073

We aim to respond to all privacy inquiries within 5 business days and will provide a substantive response within 30 days as required by PIPEDA.